DEVOPS WEEKLY ISSUE #538 - 18th April 2021
Several good technology and tools posts this week, including on SQLite, Vault, Spring Boot, Cloud Run, Cosign, Telepresence, open policy agent, containerd and more.
StackHawk sponsors Devops Weekly
Are you a ZAP user looking to automate your security testing? Make sure to tune in to ZAPCon After Hours on Tuesday at 8 am PT to see how you can use Jenkins and Zest scripts to automate ZAP.
http://sthwk.com/zapcon-afterhours
News
I love SQLite. This post does a good job of explaining why it’s a unique and powerful tool for lots of different use cases.
https://antonz.org/sqlite-is-not-a-toy-database/
A post on the importance and differences between platform engineering and site reliability engineering.
https://www.effx.com/blog/platform-engineering-vs-site-reliability-engineering
A quick how-to post on using cosign to cryptographically sign container images.
https://raesene.github.io/blog/2021/03/21/Trying-out-cosign/
Vault supports different backends for storage, but what are the performance characteristics of using Postgres, Consul or GCS? This post answers the question and shows the working.
https://blog.flant.com/comparing-hashicorp-vault-backends-performance/
A look at using Telepresence for local development and debugging of applications running on Kubernetes.
https://codefresh.io/kubernetes-tutorial/telepresence-2-local-development/
A fast inner loop for developers testing out new ideas is a powerful tool, and one approach is a strong opinion about integrating frameworks, local tools and cloud services. A nice example with Spring Boot and Google Cloud Run.
https://seroter.com/2021/04/13/exploring-a-fast-inner-dev-loop-for-spring-boot-apps-targeting-google-cloud-run/
A nice walkthrough of using cloud native buildpacks to solve operational problems with building container images.
https://www.magalix.com/blog/how-to-on-using-cloud-native-buildpacks-for-operational-efficiency
Events
CONFLANG, a workshop on configuration languages, is coming up as part of SPLASH, on the 17th-22nd of October. The CFP is open now and looking for talks on New languages for configuration, Specification learning and mining for configurations, Infrastructure and configuration code maintenance and evolution and more.
https://2021.splashcon.org/home/conflang-2021#Call-for-Presentations
Tools
An experimental CLI tool for using containerd in a similar way to Docker. Not intended as a replacement as much as a place for some interesting experiments with cutting edge functionality.
https://github.com/containerd/nerdctl
OPAL is an administration layer for Open Policy Agent (OPA), detecting changes to both policy and policy data in realtime and pushing live updates to your agents.
https://www.opal.ac
https://github.com/authorizon/opal
An example of solving a problem with end-to-end automation. Using CDK to provision an AWS Config rule and Lambda function that detects and then removes an public SSH access.
https://github.com/adhorn/ssh-restricted